Commit 6d5eaca2 authored by Kirill Smelkov's avatar Kirill Smelkov

decoder: Don't skip errors in ASCII long format

1. the number has to be terminated with 'L' - check it
   (previously last byte was simply discarded)

2. big.Int.SetString() ok code has to be checked too to catch invalid
   input.

big.Int.SetString() usage in test adjusted to also not skip errors
silently.
parent da5f0342
...@@ -403,11 +403,15 @@ func (d *Decoder) loadLong() error { ...@@ -403,11 +403,15 @@ func (d *Decoder) loadLong() error {
if err != nil { if err != nil {
return err return err
} }
if len(line) < 1 { l := len(line)
if l < 1 || line[l-1] != 'L' {
return io.ErrUnexpectedEOF return io.ErrUnexpectedEOF
} }
v := new(big.Int) v := new(big.Int)
v.SetString(string(line[:len(line)-1]), 10) _, ok := v.SetString(string(line[:l-1]), 10)
if !ok {
return fmt.Errorf("pickle: loadLong: invalid string")
}
d.push(v) d.push(v)
return nil return nil
} }
......
...@@ -13,7 +13,10 @@ import ( ...@@ -13,7 +13,10 @@ import (
func bigInt(s string) *big.Int { func bigInt(s string) *big.Int {
i := new(big.Int) i := new(big.Int)
i.SetString(s, 10) _, ok := i.SetString(s, 10)
if !ok {
panic("bigInt")
}
return i return i
} }
...@@ -263,6 +266,10 @@ func TestDecodeError(t *testing.T) { ...@@ -263,6 +266,10 @@ func TestDecodeError(t *testing.T) {
"}g1\n.", "}g1\n.",
"}h\x01.", "}h\x01.",
"}j\x01\x02\x03\x04.", "}j\x01\x02\x03\x04.",
// invalid long format
"L123\n.",
"L12qL\n.",
} }
for _, tt := range testv { for _, tt := range testv {
buf := bytes.NewBufferString(tt) buf := bytes.NewBufferString(tt)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment